Provider Credentials Registry
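Task: P0-W0-001 Provider API Test Credential Acquisition
Updated: 2026-05-04
Principle: This file records only status, environment variable names, Secret Manager locations, and blocking reasons; it must not record API keys, personal email addresses, phone numbers, verification codes, or payment card details.
FOUNDER use this file to keep tracking information, do not change it.
Current Conclusions
| Provider | Status | AIOrouter env var | Secret Manager name / location | Registration and payment status | Next step |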
|---|---|---|---|---|---|
| DeepSeek | obtained | DEEPSEEK_API_KEY | DeepSeek-API in GCP Secret Manager, project gcp-aiorouter | Registration and VISA payment verification completed; key active | After injecting env, run the live contract smoke with LIVE_PROVIDER_CONTRACTS=1. |
| Alibaba Qwen / DashScope | obtained | DASHSCOPE_API_KEY | Alibaba-USeast1-API-KEY in GCP Secret Manager, project gcp-aiorouter | Alibaba Cloud international account, payment method, and business information submitted; US East key active | After injecting env, verify model/SSE/usage with the DashScope compatible-mode live test. |
Login with tayachu@gmail.com Google and receive email for passcode verification
https://home.console.alibabacloud.com/home/dashboard/ProductAndService
Received email from Raymond Liang, Cloud Service Consultant Manager from Alibaba on May 4th, 2026. I have replied and will organize a meeting with them.
Token Plan US$30/$100/$200 per seat per month
https://myaccount.console.alibabacloud.com/cert Account Center / Identity Verification
Account Type: Enterprise
Authentication Type: Business Registration Certificate
Company Name: AIOCANA Technologies Inc
Document Number: 17546912
Verification Successful
Your enterprise account has been successfully verified. Once verified, you can:
· Sign online contracts, apply for a credit limit, and join the Alibaba Cloud Partner Network.
· Update the enterprise information on your account
| Moonshot Kimi | obtained | MOONSHOT_API_KEY | Moonshot-KIMI-API in GCP Secret Manager, project gcp-aiorouter | Registration, SMS verification, and Alipay top-up completed; key active | After injecting env, verify long-context model/SSE/usage with the Moonshot live test. |
Login with tayachu@gmail.com and Google Verification with Cellphone for login https://platform.kimi.ai/
Paid $20US by BMO AIOCANA Mastercard online
Provided AIOCANA Technologies Inc. Info as organization
Can contact sales online later
| Zhipu GLM | pending | GLM_API_KEY | not created until approval | Registered and company business license submitted; business review pending | Founder checks review status; create the GLM_API_KEY secret after approval. |
| Baidu Ernie | blocked | ERNIE_API_KEY, ERNIE_SECRET_KEY | not created until account path exists |
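Login with 613-983-6780 and receive OTP passcode https://bigmodel.cn/console/overview
You have not completed individual real-name verification. Continue individual verification | Change to enterprise verification | View verification change history. Verification status: In progress. Verification type: Individual. Real name: Ta-Ya Chu. ID type: Foreign passport. ID number: A******2 (provided the front and back of the Canadian passport and a photo holding the passport's front page). Verification time: 2026-05-13 08:08:26
You have not completed enterprise real-name verification. Continue enterprise verification | Change to individual verification | View verification change history. Verification status: In progress. Verification type: Registered enterprise. Enterprise name: AIOCANA Technologies Inc. ID type: Business license. Credit code: None yet. Verification time: 2026-05-02 05:28:54. Notice: For your account security, please complete real-name verification. After completing real-name verification you can use platform services such as API Keys. Real-name verification is divided into individual verification and enterprise verification.
| ByteDance Doubao | blocked | DOUBAO_API_KEY | not created until account path exists | Volcengine currently accepts only mainland China mobile numbers for registration | Founder to find a Chinese partner, cloud marketplace reseller, or direct partnership. |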
Inventory Check
Safely check secret presence without reading secret values:
npm run providers:credential-status
Detailed steps are in docs/provider-credential-acquisition-runbook.md.
Latest artifact: diagnostics/local-artifacts/provider-credential-status-2026-05-04T22-30-25-834Z.json.
Summary of the 2026-05-04 check results:
| Provider group | Result |
|---|---|
| Obtained providers | 3/3 Secret Manager entries exist with enabled versions (DeepSeek-API, Alibaba-USeast1-API-KEY, Moonshot-KIMI-API) |
| Runtime env vars in current shell | 0/6 injected; live tests remain gated |
| Pending / blocked providers | GLM pending; Ernie and Doubao blocked |
| Secret values read | false |
Credential Handling Rules
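- API keys may exist only in .env, GCP Secret Manager, or a local, uncommitted secure credential store.
- Secret values must not be written into code, tests, documentation, task JSON, or diagnostics artifacts.
- Live contract tests must be explicitly enabled with LIVE_PROVIDER_CONTRACTS=1 to avoid automatically consuming provider credit.
- The default GCP project is gcp-aiorouter; region-specific resources use northamerica-northeast1.
- Before reading Secret Manager, confirm that the current executor is authorized; do not output secret values in logs.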
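A presence-only status check and artifact guard that follow these rules, as an added example that is not the project's own providers:credential-status script. The function names are hypothetical; the env var names are the ones in the registry table, and a provider counts as injected only when all of its variables are set.

```javascript
// Added example, not the project's code. Function names are hypothetical;
// env var names are taken from the registry table.
const PROVIDER_ENV = {
  deepseek: ["DEEPSEEK_API_KEY"],
  qwen: ["DASHSCOPE_API_KEY"],
  kimi: ["MOONSHOT_API_KEY"],
  glm: ["GLM_API_KEY"],
  ernie: ["ERNIE_API_KEY", "ERNIE_SECRET_KEY"],
  doubao: ["DOUBAO_API_KEY"],
};

// True when the variable holds a non-blank string.
const isSet = (env, name) =>
  typeof env[name] === "string" && env[name].trim() !== "";

// Presence-only report: booleans and variable names, never values.
function credentialStatus(env) {
  const providers = {};
  let injected = 0;
  for (const [provider, names] of Object.entries(PROVIDER_ENV)) {
    const missing = names.filter((n) => !isSet(env, n));
    providers[provider] = { present: missing.length === 0, missing };
    if (missing.length === 0) injected += 1;
  }
  return {
    injected,
    total: Object.keys(PROVIDER_ENV).length,
    // Live tests stay gated unless the flag is exactly "1".
    liveTestsEnabled: env.LIVE_PROVIDER_CONTRACTS === "1",
    providers,
  };
}

// Names of variables whose value appears verbatim in the serialized text.
function leakedVariables(serialized, env) {
  return Object.values(PROVIDER_ENV)
    .flat()
    .filter((n) => isSet(env, n) && serialized.includes(env[n]));
}

// Serialize an artifact, refusing to return text that embeds a secret value.
function writeSafeArtifact(report, env) {
  const text = JSON.stringify(report, null, 2);
  const leaked = leakedVariables(text, env);
  if (leaked.length > 0) {
    throw new Error("secret value in artifact for: " + leaked.join(", "));
  }
  return text;
}
```

The error message names the variable, not its value, so the guard itself cannot leak the secret into logs.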
Connectivity Verification Commands
These commands show the shape only and contain no secrets. Inject the corresponding environment variables into the shell before running them.
LIVE_PROVIDER_CONTRACTS=1 npm run test:provider-live
Single-provider verification can use the existing contract tests:
npx vitest run tests/providers/qwen.contract.test.ts
npx vitest run tests/providers/kimi.contract.test.ts
npx vitest run tests/providers/glm.contract.test.ts
npx vitest run tests/providers/ernie.contract.test.ts
npx vitest run tests/providers/doubao.contract.test.ts
DeepSeek is currently covered by the aggregated live harness:
LIVE_PROVIDER_CONTRACTS=1 DEEPSEEK_API_KEY=... npx vitest run tests/providers/provider-contract-live.test.ts
Fallback Decisions For Public Beta
| Provider | Public beta decision | Reason |
|---|---|---|
| DeepSeek | include as primary once live smoke passes | Primary model path and key obtained. |
| Qwen | include as secondary once live smoke passes | Key obtained; compatible-mode API is already implemented. |
| Kimi | include for long-context once live smoke passes | Key obtained and strong context-window differentiation. |
| GLM | hold until key approval | Business verification pending; no live evidence yet. |
| Ernie | exclude from beta until credential path exists | Mainland phone blocker. |
| Doubao | exclude from beta until credential path exists | Mainland phone blocker. |
Governance Status
- P0-W0-001 is not fully complete because 2 providers are blocked and 1 is pending.
- Current usable credential coverage for implementation smoke is 3/6 obtained.
- Confirmed Secret Manager entries exist for the 3 obtained providers; runtime env vars still need explicit injection before live tests.
- The remaining work is Founder/provider-account gated rather than code-gated.